Outlook clients can't connect to Exchange server

The ".com" zone is our external domain and ".net" is internal. I have set up a new Exchange 2013 environment as we are migrating from a Domino/Lotus server.

We have a wildcard cert for the external domain, which is imported into the new Exchange and working fine, i.e. "*.mycompany.com".

After running all post-setup tasks for the Exchange server etc., all is fine. I've created a couple of test accounts and can send mail internally and send externally using OWA (can't receive internally yet because we are still using Domino until we migrate mailboxes in the next week or so).

Now I've set up a test Outlook machine and it won't connect, with the error:

"the action cannot be completed. the connection to the exchange server is unavailable. outlook must be online or connected to complete this action."

From Exchange PowerShell I ran "test-outlookwebservices......"

Here's the output:

Error : System.Net.WebException: The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel. --->

You may need to create the following in DNS: New host (A) record in your mycompany.net zone for autodiscover.mycompany.net and point it to your Exchange server. If that gets you past the error you may get certificate warnings. If you do, view the certificate and install it to the trusted root certificate authority.
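
An added example, not part of the original posts: a PowerShell check of which hostnames a certificate name such as the "*.mycompany.com" wildcard from the question covers, using the standard rule that a wildcard stands for exactly one left-most label. Only autodiscover.mycompany.net comes from the thread; the other hostnames and the function name Test-CertNameMatch are constructed for illustration.

```powershell
# Added example: which hostnames does a certificate name pattern cover?
# Rule applied: "*" is allowed only as the whole left-most label and stands
# for exactly one label; comparison is case-insensitive.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]$Pattern,   # e.g. "*.mycompany.com"
        [Parameter(Mandatory)][string]$HostName   # name the client connects to
    )
    $p = $Pattern.TrimEnd('.').ToLowerInvariant().Split('.')
    $h = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')

    # A wildcard never spans labels, so the label counts must be equal.
    if ($p.Count -ne $h.Count) { return $false }

    for ($i = 0; $i -lt $p.Count; $i++) {
        if ($i -eq 0 -and $p[$i] -eq '*') { continue }   # wildcard label
        if ($p[$i].Contains('*')) { return $false }       # wildcard elsewhere: reject
        if ($p[$i] -ne $h[$i]) { return $false }          # literal label must match
    }
    return $true
}

# Names on the certificate (from the question).
$certNames = @('*.mycompany.com')

# Names a client might connect to. Only autodiscover.mycompany.net appears in
# the thread; the rest are constructed for illustration.
$candidates = @(
    'autodiscover.mycompany.net',
    'autodiscover.mycompany.com',
    'mail.mycompany.com',
    'exch01.mycompany.net',
    'owa.mail.mycompany.com',
    'mycompany.com'
)

foreach ($name in $candidates) {
    $covered = $false
    foreach ($pattern in $certNames) {
        if (Test-CertNameMatch -Pattern $pattern -HostName $name) { $covered = $true }
    }
    [pscustomobject]@{ HostName = $name; CoveredByCertificate = $covered }
}
```

A hostname reported as not covered produces a certificate name mismatch in any client that connects using that name, even when the certificate chain itself is trusted.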